## YOURLS site config
server {
    ## Redirect http to https
    listen 80;
    listen [::]:80;
    server_name tt.demu.red;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name tt.demu.red;
    root /var/www/tt-rss;

    access_log /var/log/nginx/ttrss_access.log;
    error_log /var/log/nginx/ttrss_error.log;

    ## Disable all methods besides HEAD, GET and POST.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    index index.php index.html;

    ## Include certbot fix
    include /etc/nginx/snippets/nginx.well-known.conf;

    ## Include ssl
    include /etc/nginx/snippets/nginx.ssl.conf;

    ### Deny Stuffs ### {{{
        ## Protect specific TXT and config files
        location ~ /(\.|readme.html|readme.md|changelog.txt|changelog.md|contributing.txt|contributing.md|license.txt|license.md|legalnotice|privacy.txt|privacy.md|security.txt|security.md|sample-.*txt)
        {
            deny all;
        }

        ## Protect .git files
        location ~ /\.git/ {
            access_log off;
            log_not_found off;
            deny all;
        }
    ### End Deny Stuffs ### }}}

    location / {
        access_log /var/log/nginx/ttrss_access.log;
        error_log /var/log/nginx/ttrss_error.log info;

        #location ~ /(js|css|images|lib|themes) {
            #access_log off;
        #}

        location ~ ^(.+\.php)(.*)$ {
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            fastcgi_index index.php;
            ## https://stackoverflow.com/questions/28490391/how-to-properly-configure-alias-directive-in-nginx
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include fastcgi_params;
        }
    }

    ## Error Redirects
    error_page 403 /error.html;
    error_page 404 /error.html;
    error_page 405 /error.html;
    error_page 500 501 502 503 504 /error.html;

    location = /error.html {
        root /var/www/error;
        internal;
    }
}
